Red Hat has issued an advisory today (May 14): https://access.redhat.com/errata/RHSA-2019:1222 Wasn't easy to find, but resteasy is bundled in candlepin, and they updated this CVE by updating resteasy to 3.5.1. Not sure if there's a 3.0.x with the fix.
Whiteboard: (none) => MGA6TOO
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
Status comment: (none) => Fixed upstream in 3.5.1
CC: (none) => mageia
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2020-25633
CC: (none) => zombie_ryushu
CVE: (none) => CVE-2020-25633
Summary: resteasy new security issue CVE-2016-6346 => resteasy new security issue CVE-2016-6346 CVE-2020-25633
Depends on: (none) => 27750
Depends on: 27750 => (none)
Summary: resteasy new security issue CVE-2016-6346 CVE-2020-25633 => resteasy new security issue CVE-2016-6346
CVE: CVE-2020-25633 => (none)
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-25633 => (none)
Whiteboard: MGA7TOO => MGA8TOO, MGA7TOO
Currently working to update it.
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA8TOO, MGA7TOO => MGA8TOO
That issue was fixed in 3.0.20 and Mageia 8 had 3.0.26.
Resolution: (none) => OLD
Whiteboard: MGA8TOO => (none)
Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Version: Cauldron => 8